Skip to main content
CVE-2023-36162 HIGH POC This Week

Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Zzcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34451 HIGH POC PATCH This Week

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cometbft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.9%
CVE-2023-36183 HIGH POC This Week

Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Openimageio
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-3314 HIGH This Week

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36815 HIGH This Week

Sealos is a Cloud Operating System designed for managing cloud-native applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sealos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-36377 HIGH This Week

Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Osslsigncode
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3438 HIGH PATCH This Week

An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Microsoft Move
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3313 HIGH This Week

An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-36814 HIGH PATCH This Week

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Products Cmfcore
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26509 HIGH This Week

AnyDesk 7.0.8 allows remote Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Anydesk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-36053 HIGH PATCH This Week

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-36609 HIGH This Week

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy